Hacker News with inline top comments, 11 Jul 2015: Ask
Ask HN: How do I keep child porn out of my site?
50 points by VexedSiteOwner  51 minutes ago   38 comments top 16
VieElm 30 minutes ago 1 reply      
If you're in the United States you should call the National Center for Missing & Exploited Children[1]. They already work with internet service providers to help identify unencrypted images depicting abuse transported over their network. They do this, I think, at an automated level. They should have the information you need. You should probably also call the FBI.


Elepsis 26 minutes ago 1 reply      
Microsoft made an automated system (PhotoDNA) for detecting known child pornography images available to the public a few years ago and it's probably a good starting point: http://www.microsoft.com/en-us/PhotoDNA/

Hopefully this can help you.

(Disclosure: I work at Microsoft but not on PhotoDNA.)

eli 13 minutes ago 0 replies      
Are you based in the US? There's a good chance you are required by law to report images of apparent child pornography. You should talk to a lawyer.



subb 8 minutes ago 0 replies      
This is just an idea, since I never built such a filter, but you could automate a large part of filtering NSFW images. A quick search on Google led to this paper: http://cs229.stanford.edu/proj2005/HabisKrsmanovic-ExplicitI... Once you have that in place, I guess it's better to make it aggressive and report false positives as NSFW.

Google "safe image search" has the additional help of searching the content of the page the image is used. You might be able to do the same, up to some limit, by checking the http referer header field to know where requests are coming from. You could scan the referer's page for some keywords. This might give you a better idea of the context where the image is used. Note that this might be tricky, since you probably don't want traffic coming out of your server to some child porn site.

That said, those are just some ideas. YouTube has a good community that flags videos, but also an army of reviewers that look at the flagged content.


Another way to look at it would be to try to manually select some images as "front page worthy", instead of trying to filter the bad stuff.

hayksaakian 33 minutes ago 1 reply      
At least with reddit, there's community moderation (read free employees) which enforces the contents of each section.

is there any incentive to participate in your community?

With moderators you feed the "power tripper".

With karma you feed people obsessed with points.

This is a bit complicated: what if you had some sort of captcha that required users to classify images as nsfw/sfw/illegal?

daenz 32 minutes ago 2 replies      
If there isn't already, maybe there should be some kind of public perceptual hash database (http://www.phash.org/) for this kind of stuff.
michaelmior 32 minutes ago 0 replies      
Not sure how useful this would be, but the first thing that came to mind is CrowdFlower[0].

[0] https://www.crowdflower.com/type-content-moderation

aurizon 22 minutes ago 0 replies      
If you give people a way to send passworded links to cash subscribers, then none of his subscribers will rat him out. If you make all images open to view, you can then appeal to people to flag items for removal, or just autoremove them with - say - 2 or 3 flags, and trust to your nicer clients to police the site. If your clients all sign up with throw-aways, then load a huge block of images, all with their own password, then they can sit far away and sell passwords all day and never emerge to be caught. If they want to add more images = a new throw-away account every day if you like. Full accountability is the answer so all images can be tracked back to a real address and name. Sadly, only good people deal with this, but it might be a way to thin the crowd. A secret untrackable photo site will also soon attract the police as they hunt for child porn sellers, so they will sooner or later come knocking on your door.

One way is to make contact with the police and get permission to list the names of the police agencies that are allowed to inspect the site via backdoor etc. Of course this might enrage some?? So some sort of middle ground might be to quietly approach the police for advice.

eli 19 minutes ago 0 replies      
You may be interested in this article:

The Laborers Who Keep Dick Pics and Beheadings Out of Your Facebook Feed
http://www.wired.com/2014/10/content-moderation/

patrickmclaren 20 minutes ago 0 replies      
It would be interesting to see if this kind of content is amenable to classification. Maybe it would be worth looking into something like Caffe [1], it may even help you with managing the site in general. I can't search right now, however I think that a quick search in Google Scholar could yield a few different approaches in this direction.

[1] http://caffe.berkeleyvision.org/

CHaro 34 minutes ago 1 reply      
Why not report their ip address to the police? Hopefully people will learn that by posting cp on your site they will get flagged.
rendx 30 minutes ago 1 reply      
A "flag content" link should be good enough. Sounds like you're US based; you're not required to manually check all user-contributed content. Set up a DMCA section and link to it at the bottom. If LEA contact you, make sure you react fast, and maybe you want to offer them an automated way of takedown if this really happens that often.

For the future: Asking legal questions without stating your jurisdiction is... not helpful. :)

Yes, big sites employ a lot of people to clean content. I remember reading an article about poor people in $third_world_country that do this all day long.

RexRollman 28 minutes ago 0 replies      
Honestly, I am not sure what you can do about this, other than request users report it when noticed.
im3w1l 28 minutes ago 0 replies      
You should look into automatic classification of the images. Ianal, but I imagine you probably need some kind of permit if you diy.
Raed667 32 minutes ago 0 replies      
For CP if you're US based, log it, take it down, and use one of many report GOV/NGO systems available.
orionblastar 28 minutes ago 1 reply      
Until there is a Machine Learning algorithm that can detect CP, you'll have to have human beings flag it and then other human beings view it and remove it.

Someone brought it to my attention that Bing's cache is full of CP, after the offending websites are taken down, Bing keeps the images for a long time. The Rapidshare sites are also full of it and they password protect RAR files so admins cannot peek into it. It is a major problem that has no solution for it yet. People run Wordpress blogs and spambots leave comments that link to CP sites.

This has become a hot topic issue because that Jared guy from Subway had a manager of his foundation that was found with CP, and they raided Jared's computers and found more evidence.

My ethics and morals won't allow me to look at porn, but it is a big industry. There are all kinds of porn out there. The CP is the worst of it, and a lot of children are trafficked as sex slaves for it. They grow up with a criminal record and sex offender record, and by the time they expunge the record they are in their 40s and can't find work. I was contacted by a woman who was in that situation on Github during the Opal CoC debates. She is trying to get out of her situation by programming and cannot find work because of it.

This CP stuff ruins the lives of the children who suffer abuses for it. Once they grow up they have a hard time in life trying to make ends meet. Some have serious psychological problems that are hard to treat and deal with.

I remember that in some cases the website is found responsible for the content that users post on their websites. Laws in your nation may vary on that. If you find illegal content you should remove it, lest you be found liable for it. Make sure to report the IP address of the poster to the government or a non-government agency that handles it.

Tell HN: If you use Google Web Fonts your site loads much slower in China
7 points by ecubed  2 hours ago   discuss
Ask HN: I've got 6-7 hours of uninterruptible time. What should I do?
9 points by source99  5 hours ago   14 comments top 10
sago 4 hours ago 1 reply      
Take an open source git repo you've made, or open source a project you've got somewhere on your hard-drive and a) polish it (absolutely without adding new features), and b) document it. Both will teach you new skills and stretch you as a developer in ways that might surprise you. They'll also help make the ecosystem better for others, whether you have 2 or 2 thousand watchers.
jgrahamc 4 hours ago 1 reply      
Sleep. Look out of the window. Read. Forget you own a computer.
baccheion 3 hours ago 0 replies      
I'll say stay away from devices as well, but I mainly mean staying away from social networks, news sites, and anything else that's idle browsing/talking. Also, stay away from work. Too much work, work, working all the time. Come up with new ideas, write blog style posts about different subjects, look out the window and think, think about where your life is and where it could be, read some good books, etc.
rhgraysonii 2 hours ago 0 replies      
I tend to take time like this to simply write. Be it reflecting on the last 6 months of my life, or some sort of short fiction. Sometimes it's good to forget about coding and look at the bigger picture.
vishalzone2002 3 hours ago 0 replies      
sleep. try to stay away from devices, see if you can even do this.. :)

- meditate

- take a pen and paper, write down random ideas

- plan your day/week

- ignite a conversation with someone sitting next to you.
melling 3 hours ago 0 replies      
Start a $10 billion business like this guy did on a bus trip:


jason_slack 2 hours ago 0 replies      
I like to a book on a completely new subject and read it on flights.
GFK_of_xmaspast 4 hours ago 0 replies      
Read a book.
general_failure 3 hours ago 0 replies      
Just day dream. Imagine your future
arisAlexis 3 hours ago 1 reply      
obvious question: do you have a laptop?
Ask HN: Why is there no modern package manager for Java?
2 points by scottilee  2 hours ago   1 comment top
patmcc 1 hour ago 0 replies      
It sucks, but it's probably because Java is used so much by large enterprises - and big organizations often won't tolerate using other people's code or sharing their code with other people. Node and Perl are used more by individuals (or startups) doing small bits and sharing back and forth.

If you start one I'll use it though. :)

Tell HN: If your HN submission doesn't get any upvotes, don't worry about it
91 points by minimaxir  13 hours ago   63 comments top 18
austenallred 12 hours ago 4 replies      
I think the problem is how easy it is to game HN, how effective it is to game HN, and how random and spurious it is if you don't game HN.

It's really difficult to just have your post get to the front page organically. It's possible (and probable) that when you submit there just aren't enough people looking at the /new page, so a lot of it comes down to sheer luck. A lot of good/great posts go by unnoticed. Getting 1 or 2 friends to upvote would probably increase your likelihood of being on the front page by 90%.

I've been gravitating towards things like http://lpushx.com, both because they're smaller, and because everything has more of a chance to "survive."

Ironically, this post just exposes how helpful it is to do the behavior it discourages. When you're trying to kill a lucrative behavior (especially something that exposes a loophole), saying, "Please don't do this behavior" is probably the worst way to do so. Now several people just figured out that you can game the system. I would recommend dang kill this.

minimaxir 13 hours ago 0 replies      
geofft 8 hours ago 0 replies      
> While blatant voting manipulation may be the status quo at a certain other startup-oriented link aggregator, it is never good because it breaks the integrity of the service.

Why does it break the integrity of the service? Sockpuppets, sure, but why does asking friends/acquaintances with established HN accounts (presumably the HN software can distinguish these cases) for upvotes work contrary to the goals?

Presumably if you have an account and you "vote well" -- that is, your upvotes are well-correlated with what other people upvote and don't downvote -- you know what people like to see. If a friend asked me to upvote their spam listicle, or a question they could just ask me and get an answer, or some politics story irrelevant to hackerdom, I'd say no. If I "manipulate" a friend's post, I'm making as much of an endorsement of the content as HN-appropriate as if I upvoted something I saw on the front page. (And if I abuse that, my upvotes should get disregarded.)

To be clear, I'm not advocating that bugging your friends for upvotes is a good system. I am advocating that posters asking people who care about HN for endorsement is explicitly desirable, and the software and community norms should be designed to reflect this, instead of the community norm deciding that vote manipulation is an acceptable means to an otherwise-technically-unsupported end.

hardwaresofton 12 hours ago 0 replies      
I always try and 'remember to upvote'. So much great content goes through here, I think many members forget to upvote things they thought were interesting. I often forget to hit upvote on an article I clicked through to and read/enjoyed.

Might lead to upvote inflation but I think extra positivity isn't a terrible problem to have.

onion2k 12 hours ago 2 replies      
It's worth noting that there are two sorts of posts that people will try to game the voting process - submissions by people who want the status of higher karma among their peers and submissions by startup founders who want "traction"[1]. That is to say, people believe there is actual, real tangible value in getting upvotes. To that end, while it'd be nice for HN to be more organic, unless there's a penalty for gaming the system it's not going to stop just because people ask nicely.

[1] The traction you get on a site like HN is useful for feedback but it probably won't convert to sales unless you're building something for other startups. It's not real take-it-to-the-investors traction.

zackbloom 10 hours ago 1 reply      
I can say from personal experience that it is much easier to get on the frontpage if you have a group of four or five people ready to upvote your content. It is possible to get a post to rise without that, but it often takes a handful of reposts.

I believe the crux of this issue is not enough people frequent the new page (https://news.ycombinator.com/newest). If that page got enough traffic, the legitimate votes would outweigh all but the most systematic attempts to 'game' the system.

vezzy-fnord 12 hours ago 3 replies      
I've been noticing recently that submissions I post will go for hours without upvotes, and then at some point around the 7th hour or so they'll climb to the middle of the front page with around 15-20 upvotes.

Is this manual intervention, or is HN testing out some new heuristic?

rndn 11 hours ago 0 replies      
Idea for a fix: Perhaps HN should have separate karma to reward upvoting on /new on links that are successful later, much like reddit used to have (or still has?) trophies for correctly predicting that a link reaches the frontpage. If there is more incentive to vote on new items you get more accurate estimates of the link quality, and it also does warrant reward to sift through lists with such a low SNR.
kemiller 12 hours ago 1 reply      
We've seen some legitimate posts consistently reported and removed. There are definitely fishy dynamics.
edpichler 10 hours ago 1 reply      
Despite all of these problems, I always have a good reading here on HN.
protomyth 10 hours ago 0 replies      
I have better luck getting upvoted on weekends or as a side article to a topic-of-the-day, but I tend to submit articles that are either directly computer related or about systems that are not going as planned.
seiji 12 hours ago 0 replies      
Great points. Non-submitters seldom realize how often new content goes ignored around here. Unless you're one of the top 20 most recognized names here or unless you're writing about fad-of-the-week, submissions are mostly ignored.

is never good because it breaks the integrity of the service.

vote manipulation is called hustling these days. it tends to be okay if you're in the blessed class allowed to manipulate people or are doing it for a good cause (a private for-profit startup needing "exposure").

They delight in breaking rules, but not rules that matter. http://www.paulgraham.com/founders.html

aakilfernandes 12 hours ago 3 replies      
HN really should allow resubmissions after a certain number of days. It's fine to have an imperfect algorithm, it's rather frustrating to pretend it's perfect.
mbrutsch 11 hours ago 0 replies      
No worries, it's just not worth it to post on HN.
stefantalpalaru 12 hours ago 1 reply      
Sure, don't worry about wasting your time submitting links that have a 80-90% chance of being ignored. Do what I do and, once you manage to get enough karma points to no longer care about them, simply stop trying to contribute.

There's always lobste.rs for when you really want to share something with your peers.

11thEarlOfMar 12 hours ago 0 replies      
I love the irony of this post.
notacoward 12 hours ago 0 replies      
> While blatant voting manipulation may be the status quo at a certain other startup-oriented link aggregator

As I was recently told...

> No acerbic swipes on Hacker News, please.

Let's try to avoid double standards, OK?

sobkas 12 hours ago 0 replies      
>it is never good because it breaks the integrity of the service.

So you are trying to imply that HN (or any other link aggregator) has integrity?

Ask HN: What problems are you working on for the buy-side/hedge fund industry?
5 points by curiousjorge  6 hours ago   4 comments top 2
brotchie 5 hours ago 1 reply      
Buy-side infrastructure funds and their intermediaries bidding on regulated energy assets (Australia-only at the moment).

We started building web-based analysis tools for regulated energy companies (helping them keep on-top of their regulated rates of return, regulatory news, etc) and it turns out potential acquirers also want these tools.

We pretty much provide an automated regulatory analyst via a web-app.

Pitched to 1st-degree consulting contacts.

meeper16 6 hours ago 1 reply      
Optimizing for short hedges on the buy side.
Ask HN: Why do tech interview recruiters not reject me
7 points by designml  9 hours ago   11 comments top 6
MalcolmDiggs 1 hour ago 0 replies      
In my experience:

1. You apply, you do okay. Let's call you applicant A.

2. Company has found someone else they want more, so they start moving forward with that person (applicant B).

3. Recruiter knows that that applicant B might reject their offer or take a different gig, so he doesn't tell you (applicant A) any of this. He waits until things are 100% finalized between the company and applicant B before he gets back to you at all.

4. In some cases, after a month of silence, he comes back and says "they're ready to hire you" (because Applicant B turned them down), or he'll say "they just hired someone else", or he'll forget to respond to you entirely.

Moral of the story: Just keep moving, keep interviewing elsewhere. If they get back to you someday, great. If they don't, no sweat.

mdip 7 hours ago 1 reply      
I used to do a bit of this and it's a sort-of paradox. (I'm referring entirely to my last job, not my current where I have not done hiring yet and we've brought on several people in a very short period of time)

On the one hand, we hire because we desperately need someone to fill a role we're now doing in addition to our current work.

On the other hand, we are so miserably overwhelmed with work that going through the mess of things with HR to get everything figured out takes way longer than it should. In the middle of that might also be something happening to the position itself -- it was open and available when we listed it, but now the company's financials came out and we don't know if the position is still available. So we sit on it, for weeks, waiting to hear back from a VP. It gets approved but, nuts, the candidate's found another job already.

But within your question you seem to be asking for help in getting the job. You think you've interviewed well so you might have been within the top few candidates and just didn't get selected. The person who got selected, obviously, was notified. You were not and I guarantee that this will happen most of the time. As an interviewer, we didn't handle any of that communication -- you came to me with a resume attached in an e-mail from our hiring team. I don't even know how to get in touch with you. It sucks and I'm very sorry about that, but at a big corporation, it's pretty typical, unfortunately (and that speaks to a lot of other processes that tend towards being terribly impersonal).

I'd also hate to say it but too often I'd be stuck between 4 adequate candidates and the decision came down to superficial things. The best advice I can give you there is: add some superficial things. Get the work mailing address of the person you interviewed with -- the one who is going to make the decision. Write a hand-written Thank You letter expressing your desire for the position. I've gotten one of those in my life, though I've written one every time. My boss was so impressed by that extra step that I didn't get to pick the person I wanted for the job in favor of the other gal. She turned out to be a fantastic hire, so no hard feelings, but she literally won out because of a thank-you note.

Edit: To clarify I'm referring to a large corporation, not a startup. Can't recommend working for a good startup enough, it's been a way better situation for me.

audieleon 8 hours ago 2 replies      
As a hiring manager in a large company, I can tell you that most of the people you are interviewing with aren't being actively rude, they are overwhelmed.

If I took the time to contact all the people I passed on to give them an explanation, it would consume more time than I can afford. The people making the decision to hire are - usually - the ones with the most to do.

The safest bet is to consider any lack of communication a "no." Personally, if I want to hire someone, I make the offer on the same day I interview them. Any company worth your time should do the same.

On a side note, you should make a habit of giving and getting business cards from your interviewers - particularly the decision maker. Also, turn the interview around if you can. Your talents are worth a good company. Make THEM SELL YOU on their job. Don't take a stance of hope. Make sure they leave the interview knowing you are the right person, and the question is "will YOU accept their offer?"

Good luck!

twunde 5 hours ago 0 replies      
Companies don't benefit from sending out rejection letters unless they think they may want to hire someone they previously rejected. There is also the potential for legal liability if they say something. That on top of the time it would take an already super-busy person to send emails to all the candidates means that many companies don't bother.
smt88 9 hours ago 1 reply      
People are rude and their inboxes are full. Use the phone when you follow up and leave a voicemail. Do this 2 or 3 times and then move on.

Sometimes you'll feel the most hopeless right before a breakthrough. This has happened with 4 companies, but the 5th might be a perfect fit. Be persistent.

If you do get those companies on the phone, be brave enough to ask them why they passed. If they don't know, ask them if they can put you in touch with the interviewer. You can't work on your weaknesses if you don't know what they are (and people rarely know for sure).

dudul 9 hours ago 1 reply      
This is very unprofessional but not uncommon at bigger companies. They just don't care. First, chances are you were not even interviewing for a real position, they were just using you to collect data ("who is out there", "what kind of money do they want", "what are they making now", etc)

Second, why take a chance to get back to you and tell you it wouldn't work out? You're gonna ask why and what are they gonna say? "Not a good fit"? Even this made up reason doesn't work anymore, since people start suing for discrimination.

I've found that this behavior is very rare at small shops and startups since they care about their reputation and try to not alienate people in their area.

Ask HN: What happened to Bufferbloat?
10 points by pjungwir  11 hours ago   4 comments top 4
mmagin 10 hours ago 0 replies      
It didn't go away. I was reminded of it recently when I read this: https://www.febo.com/pipermail/time-nuts/2015-July/092770.ht...
drv 7 hours ago 0 replies      
The bufferbloat-related changes made in CeroWRT (http://www.bufferbloat.net/projects/cerowrt) have been merged into the Linux kernel and the OpenWrt project.
MaulingMonkey 9 hours ago 0 replies      
Twitch working on a form of buffer bloat recently: http://blog.twitch.tv/2015/05/new-reduced-stream-delay-beta/
vezzy-fnord 9 hours ago 0 replies      
Seems like it's a phenomenon that goes through cycles of visibility, given its documentation dates back to the early 80s.
Ask HN: Which psychological hacks do you use to motivate you and feel happy?
4 points by Eduard  10 hours ago   8 comments top 4
smt88 9 hours ago 1 reply      
If there were something like this, a book, startup, or nonprofit would have totally replaced the need for therapy.

What you're looking for is therapy. It takes a long time. There are little things you can do, but generally motivation and happiness are deeply rooted in things like your personality, income level, and a myriad of external factors that can't just be "hacked".

You can, however, do the following, which are known to be done by happy people (causal relationship is not necessarily established):

1. Exercise daily

2. Eat food in moderation, and mostly healthy food

3. Maintain close relationships with friends and family (loneliness is very bad for your health)

4. Write down 5 things you're thankful for every day

5. Meditate, practice mindfulness, or otherwise clear and focus your mind for a non-trivial amount of time every day

6. Similar to #5: take time to be bored

pjungwir 7 hours ago 0 replies      
I think for all of us it is a lifelong struggle, but here are some things I do:

- If I'm stuck I take a walk.

- Tackle the hard/unknown/risky stuff first.

- Do the boring/easy stuff after lunch when I'm sleepy.

- The hardest thing is getting started.

- Let the little things build up for a while so you can do a bunch at once.

- Sometimes ignoring a problem works really well! I'd never have accepted that when I was younger, but really, sometimes problems are not urgent and ignoring them makes them go away. But sometimes not.

- If I hit my revenue goal for the month I buy myself a bottle of scotch. Maybe this habit isn't so healthy. :-)

zzzcpan 9 hours ago 1 reply      
Tricking yourself into doing one of the smallest things from your todo list works. Usually you end up doing much more.

Writing todo lists helps too, but not immediately. It forces you into thinking mode and you may end up doing a lot of the work next day.

But there is still a limit. You cannot be productive 40 hours per week.

brudgers 9 hours ago 0 replies      
Get done things that matter to you. Focus and happiness become byproducts of the process.
Early adopters what's fair game?
2 points by mykinator  7 hours ago   2 comments top 2
MalcolmDiggs 1 hour ago 0 replies      
There are sites like ProductHunt, which specialize in this type of thing. Might be worth checking out.
cblock811 3 hours ago 0 replies      
If you are providing real value, showcase what you built. If you are disingenuously shilling your product, don't bother. You will only damage yourself. What's the product? Happy to take a look at it if you have a website.
Ask HN: Actual uses and differences between technologies
3 points by starshadowx2  8 hours ago   9 comments top 5
twunde 7 hours ago 1 reply      
Javascript - programming language used in browsers

Ruby, Python - general purpose programming languages. Often used in web development.

Rails, django - server-side web development frameworks. These are sets of related code libraries that make it easy to develop web applications using ruby and python respectively.

Mysql, Mongo - These are databases. Mysql is a relational database and uses sql as the programming language to interact with data. Mongo is an example of a nosql database. Nosql is a catchall term for databases that aren't relational and don't use sql.

React, angular - front-end javascript frameworks that are used to make complex browser interactions like making sortable data tables.

Html5/css3 - Html and css are the building blocks of web pages. The numbers indicate the latest version which included a number of new ui abilities.

marisbest2 8 hours ago 1 reply      
For those wondering, this seems to be RE: https://news.ycombinator.com/item?id=9861378

If you're using Codecademy you're off to a good start. The question is what do you want to build. A blog? An iOS app? solve some computational questions?

Once you can code, you can work with just about anything because most languages are based on the same fundamentals. So pick a project or a technology and then google "Build a XXX tutorial" or just the technology name and find a tutorial.

I find that the easiest language to learn is Python. Once you know the basics, you can start with http://projecteuler.net for some coding / CS problems. From there move on to https://docs.djangoproject.com/en/1.8/intro/tutorial01/ for some Django stuff.

I tell people to learn languages in this order: Python -> JS -> Java -> C -> C++ -> Haskell/oCaml -> whatever you need for work.

Standard web stacks include LAMP and MEAN. Standard mobile apps are written in Swift (with some C++) and Java (with some other random stuff thrown in there). Pick a set of technologies and write something simple (like a blog or calculator or mini social network.) Then swap out one or two components and build it again. I've built a bunch of blackjack games in 10+ languages with 4 or 5 different UIs, solved a bunch of the projecteuler stuff in a bunch of languages, and at work I play browse around the code base (Java, JS, Coffeescript, Typescript, C++, etc.) to read other people's code. When you do the same project over and over you learn the strengths and weaknesses of each project.

At the end of the day, most tools are mostly the same (especially if you don't have to worry about scale) and their strengths and weaknesses are less important than the developer's comfort level.

pjungwir 7 hours ago 0 replies      
This article I wrote explains some of the core technologies of the web from a high level, including many in your list:


I suspect you might know most of it already but perhaps you'll find something helpful.

codygman 5 hours ago 0 replies      
Haskell - A purely functional programming language that is a general purpose language. It's often cited to be best for making language parsers using Parsec or Attoparsec, but I've found with Snap/Yesod/Scotty it is great for web development.

Purescript - A pure functional alternative to JavaScript that compiles down to very concise readable JavaScript code in the rare case you need to debug it or track down performance issues.

VT_Drew 7 hours ago 1 reply      
I found this rails vs django comparison helpful. https://www.coursereport.com/resources/ruby-on-rails-vs-pyth...
Ask HN: The most interesting current approaches to teaching programming?
3 points by cproctor  8 hours ago   7 comments top 4
AnimalMuppet 8 hours ago 2 replies      
Was there something wrong about the approaches of the 70's?

I think we look for something that makes it easier for large numbers of people to become programmers. And I guess that's OK, for some definition of "programmer". Teaching people to be professionals still takes a degree, or basically an apprenticeship, or both, and I don't see that changing. (You don't see a new approach to teaching chemical engineering dramatically changing things.)

But perhaps I have misjudged the thinking behind your question...

bobbylox 7 hours ago 0 replies      
I wrote this article a while ago to point out some games-based approaches: http://www.gamasutra.com/blogs/RobLockhart/20130905/199667/G...

Since then, even more have cropped up:

Code Combat: https://codecombat.com/

Empire of Code: http://www.checkio.org/blog/empire-code-space-strategy-game-...

Code Kingdoms: http://codekingdoms.com/

Taken Charge: https://takenchargegame.com/

ComputerCraftEdu (Minecraft Mod): http://computercraftedu.com/

caffix 8 hours ago 0 replies      
One thing I've found concerning is the continued lack of secure coding curriculum being taught to computer science and software engineering students.

No doubt, this has only contributed to the divide between software engineers and information security engineers.

petervandijck 8 hours ago 0 replies      
I'd really like to see some deliberate practice approaches. Khan Academy seems close.

For developers, something like laracasts (or other screencasts) is working well it seems. Not very revolutionary though.

Ruby on Rails vs. Node.js
5 points by Apane  6 hours ago   2 comments top 2
MalcolmDiggs 1 hour ago 0 replies      
I think arguments can be made on either side pretty convincingly.

For me personally, the ecosystem matters most. So the choice comes down to Gems vs NPM. NPM tends to have what I need the vast majority of the time, and gets better every day; so I prefer Node.

Here's an interesting comparison of the ecosystems: http://www.modulecounts.com/

anonyfox 5 hours ago 0 replies      
Meteor.js beats rails in terms of productivity. Also it's in most cases more performant (node vs ruby thing). It requires some re-learning of how to model your data (document store vs relational data), but in most cases it's worth it.

Also soft realtime is the default, shipping mobile/desktop apps aside with your webapp requires little to no code changes, and even offline working apps are doable with ease.

Rails was fine 10 years ago and popularized many paradigms when it was important... Now the world moved on and requirements changed heavily. No bad rap for rails (it paid my bills for many years!) but it left the path of innovation and is now mainly on the maintenance road and trying to catch up and that's it IMHO.

Ask HN: Why don't transistors in microchips fail?
191 points by franciscop  1 day ago   107 comments top 21
joelaaronseely 1 day ago 5 replies      
There is another mechanism called "Single Event Upset" (SEU) or "Single Event Effects" (SEE) (basically synonymous). This is due to cosmic rays. On the surface of the earth, the effect is mostly abated by the atmosphere - except for neutrons. As you go higher in the atmosphere (say on a mountaintop, or an airplane, or go into space) it becomes worse because of other charged particles that are no longer attenuated by the atmosphere.

The typical issue at sea level is from neutrons hitting silicon atoms. If a neutron hits the nucleus in some area of the microprocessor circuitry, it suddenly recoils, basically causing an ionizing trail of several microns in length. Given transistors are now measured in 10s of nanometers, the ionizing path can cross many nodes in the circuit and create some sort of state change. Best case it happens in a single bit of a memory that has error correction and you never notice it. Worst case it causes latchup (power to ground short) in your processor and your CPU overheats and fries. Generally you would just notice it as a sudden error that causes the system to lock up, you'd reboot and it would come back up and be fine, leaving you with a vague thought of, "That was weird".

gibrown 1 day ago 2 replies      
As a former hardware engineer who worked on automated test equipment that tested ASICs (and did ASIC dev), there are a lot of different methods used to avoid this.

As others mentioned, most of these problems are caught when testing the chips. Most of the transistors on a chip are actually used for caching or RAM, and in those cases the chips have built in methods for disabling the portions of memory that are non-functional. I don't recall any instances of CPUs/firmware doing this dynamically, but I wouldn't be surprised if there are. A lot of chips have some self diagnostics.

Most ASICs also have extra transistors sprinkled around so they can bypass and fix errors in the manufacturing process. Making chips is like printing money where some percentage of your money is defective. It pays to try and fix them after printing.

Also, as someone who has ordered lots of parts there are many cases where you put a part into production and then find an abnormally high failure rate. I once did a few months of high temperature and vibration testing on our boards to try and discover these sorts of issues, and then you spend a bunch of time convincing the manufacturer that their parts are not meeting spec.

Fun times... thanks for the trip down memory lane.

kabdib 1 day ago 2 replies      
Oh, they do fail.

The last time I worked with some hardware folks speccing a system-on-a-chip, they were modeling device lifetime versus clock speed.

"Hey software guys, if we reduce the clock rate by ten percent we get another three years out of the chip." Or somesuch, due to electromigration and other things, largely made worse by heat.

Since it was a gaming console, we wound up at some kind of compromise that involved guessing what the Competition would also be doing with their clock rate.

ajross 1 day ago 4 replies      
Yes, they can fail. Lots and lots of them fail immediately due to manufacturing defects. And over time, electromigration (where dopant atoms get kicked out of position by interaction with electron momentum) will slowly degrade their performance. And sometimes they fail due to specific events like an overheat or electrostatic discharge.

But the failure rate after initial burn-in is phenomenally low. They're solid state devices, after all, and the only moving parts are electrons.

zokier 1 day ago 1 reply      
A slightly related thing is RAM random bit errors. There was an interesting article published a few years ago where some guy registered domains that differed by one bit from some popular domains and recorded the traffic that hit them. Kinda scary to think what else is wrong in your RAM then... Too bad that ECC is still restricted to servers and serious workstations.
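
The one-bit-away domains described in the comment above can also be looked for from the defender's side. The following is an added example, not part of the original comment: it flags names in a resolver log that differ from a domain you operate by exactly one flipped bit, which points at corrupted memory on a client rather than a typo. The log format, the sample lines and `example.com` are constructed assumptions.

```python
import re

# Characters that can appear in a hostname once it is lowercased.
HOSTNAME_RE = re.compile(r"[a-z0-9.-]+")

# Constructed resolver log lines (timestamp, client, queried name); not real data.
SAMPLE_LOG = """\
2015-07-11T10:00:01Z 10.0.0.5 example.com
2015-07-11T10:00:02Z 10.0.0.7 exaeple.com
2015-07-11T10:00:03Z 10.0.0.7 example.con
2015-07-11T10:00:04Z 10.0.0.9 EXAMPLE.COM
2015-07-11T10:00:05Z 10.0.0.9 dxample.com.
"""


def single_bit_flip(observed, protected):
    """Return (char_index, bit_number) if `observed` is `protected` with
    exactly one bit flipped, otherwise None.

    Both names are lowercased first: DNS is case-insensitive, so a flip of
    bit 5 (0x20) in a letter still resolves to the real domain and is not
    reported. Results that are not valid hostnames are ignored as well.
    """
    if not observed.isascii():
        return None
    a = observed.lower().rstrip(".")
    b = protected.lower().rstrip(".")
    if a == b or len(a) != len(b) or not HOSTNAME_RE.fullmatch(a):
        return None
    # XOR of each differing character pair shows which bits changed.
    diffs = [(i, ord(x) ^ ord(y)) for i, (x, y) in enumerate(zip(a, b)) if x != y]
    if len(diffs) != 1:
        return None
    index, xor = diffs[0]
    if xor & (xor - 1):  # more than one bit set: a typo, not a bit flip
        return None
    return index, xor.bit_length() - 1


def scan_log(log_text, protected_domains):
    """Return (queried_name, protected_domain, char_index, bit_number) for
    every log line whose queried name is one bit away from a protected domain."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip lines that do not match the assumed format
        qname = fields[2]
        for domain in protected_domains:
            flip = single_bit_flip(qname, domain)
            if flip is not None:
                hits.append((qname, domain, flip[0], flip[1]))
    return hits


if __name__ == "__main__":
    for qname, domain, index, bit in scan_log(SAMPLE_LOG, ["example.com"]):
        print(f"{qname}: bit {bit} of character {index} differs from {domain}")
```

`example.con` is not reported because `m` and `n` differ in two bits, which is what separates an ordinary typo from a memory error here.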


Nomentatus 1 day ago 0 replies      
Nearly all chips experienced transistor failures, rendering them useless, back in the day. Intel is the monster it is because they were the guys who first found out how to sorta "temper" chips to vastly reduce that failure rate (most failures were gross enough to be instant, back then, and Intel started with memory chips.) Because their heat treatment left no visible mark, Intel didn't patent it, but kept it as a trade secret giving them an incredible economic advantage, for many years. They all but swept the field. I've no doubt misremembered some details.
nickpsecurity 1 day ago 1 reply      
They're extremely simple, have no moving parts, and the materials/processes of semiconductor fabs optimize to ensure they get done right. The whole chip will often fail if transistors are fabbed incorrectly and the rest end up in errata sheets where you work around them. Environmental effects are reduced with Silicon-on-Insulator (SOI), rad-hard methods, immunity-aware programming, and so on. Architectures such as Tandem's NonStop assumed there'd be plenty of failures and just ran things in lockstep with redundant components.

So, simplicity and hard work by fab designers is 90+% of it. There's whole fields and processes dedicated to the rest.

RogerL 1 day ago 1 reply      
Others have answered why, here is the 'what would happen'. Heat your CPU up by pointing a hair dryer at it (you may want to treat this as a thought experiment as you could destroy your computer). At some point it begins to fail because transistors are pushed past their operating conditions. Another way to push it to failure is to overclock. The results are ... variable. Sometimes you won't notice the problems, computations will just come out wrong. Sometimes the computer will blue screen or spontaneously reboot. And so on. Just depends where the failure occurs, and if the currently running software depends on that part of the chip. If a transistor responsible for instruction dispatch fails it's probably instant death. If a transistor responsible for helping in computing the least significant bit of a sin() computation, well, you may never notice it.
mchannon 1 day ago 1 reply      
Generally, yes, a failing transistor can be a fatal problem. This relates to "chip yield" on a waferful of chips.

Faults don't always manifest themselves as a binary pass/fail result; as chip temperatures increase, transistors that have faults will "misfire" more often. As long as this temperature is high enough, these lower-grade chips can be sold as lower-end processors that never in practice reach these temperatures.

Am not aware of any redundancy units in current microprocessor offerings but it would not surprise me; Intel did something of this nature with their 80386 line but it was more of a labeling thing ("16 BIT S/W ONLY").

Solid state drives, on the other hand, are built around this protection; when a block fails after so many read/write cycles, the logic "TRIM"s that portion of the virtual disk, diminishing its capacity but keeping the rest of the device going.

intrasight 1 day ago 2 replies      
When I was studying EE, a professor said on this subject that about 20% of the transistors in a chip are used for self-diagnostics. Manufacturing failures are a given. The diagnostics tell the company what has failed, and they segment the chips into different product/price classes based upon what works and what doesn't. After being deployed into a product, I assume that chips would follow a standard Bathtub Curve: https://en.wikipedia.org/wiki/Bathtub_curve

As geometries fall, the effects of "wear" at the atomic level will go up.

greenNote 1 day ago 0 replies      
As stated, two big variables are clock rate and feature size, which both affect mean time between failures (MTBF). Being more conservative increases this metric. I know from working in a fab that there are many electrical inspection steps along the process, so failures are caught during the manufacturing process (reducing the chance that you see them in the final product). Once the chip is packaged, and assuming that it is operated in a nominal environment, then failures are not that common.
tzs 1 day ago 1 reply      
Speaking of the effects of component failure on chips, a couple years ago researchers demonstrated self-healing chips [1]. Large parts of the chips could be destroyed and the remaining components would reconfigure themselves to find an alternative way to accomplish their task.

[1] http://www.caltech.edu/news/creating-indestructible-self-hea...

wsxcde 1 day ago 0 replies      
Others have already mentioned one failure mechanism that causes transistor degradation over time: electromigration. Other important aging mechanisms are negative-bias temperature instability (NBTI) and hot carrier injection (HCI). I've seen papers claim the dual of NBTI - PBTI - is now an issue in the newest process nodes.

This seems to be a nice overview of aging effects: http://spectrum.ieee.org/semiconductors/processors/transisto....

2bluesc 23 hours ago 0 replies      
In 2011, Intel released the 6 series chipset with an incorrectly sized transistor that would ultimately fail if used extensively. A massive recall followed.


spiritplumber 1 day ago 1 reply      
This is why we usually slightly underclock stuff that has to live on boats.
jsudhams 1 day ago 0 replies      
So would that mean we need to ensure the systems in critical area (not nuclear or some but banks and transaction critical) be tech refreshed mandatory at 4/5 years? Especially when 7nm production starts.
Gravityloss 1 day ago 0 replies      
They do fail. Linus Torvalds talked about this in 2007: http://yarchive.net/comp/linux/cpu_reliability.html
msandford 1 day ago 0 replies      
> Considering that a Quad-core + GPU Core i7 Haswell has 1.4e9 transistors inside, even given a really small probability of one of them failing, wouldn't this be catastrophic?

Yes, generally speaking it would be. Depending on where it is inside the chip.

> Wouldn't a single transistor failing mean the whole chip stops working? Or are there protections built-in so only performance is lost over time?

Not necessarily. It might be somewhere that never or rarely gets used, in which case the failure won't make the chip stop working. It might mean that you start seeing wrong values on a particular cache line, or that your branch prediction gets worse (if it's in the branch predictor) or that your floating point math doesn't work quite right anymore.

But most of the failures are either manufacturing errors meaning that the chip NEVER works right, or they're "infant mortality" meaning that the chip dies very soon after it's packaged up and tested. So if you test long enough, you can prevent this kind of problem from making it to customers.

Once the chip is verified to work at all, and it makes it through the infant mortality period, the lifetime is actually quite good. There are a few reasons:

1. there are no moving parts so traditional fatigue doesn't play a role

2. all "parts" (transistors) are encased in multiple layers of silicon dioxide so that you can lay the metal layers down

3. the whole silicon die is encased yet again in another package which protects the die from the atmosphere

4. even if it was exposed to the atmosphere, and the raw silicon oxidized, it would make silicon dioxide, which is a protective insulator

5. there is a degradation curve for the transistors, but the manufacturers generally don't push up against the limits too hard because it's fairly easy and cheap to underclock and the customer doesn't really know what they're missing

6. since most people don't stress their computers too egregiously this merely slows down the slide down the degradation curve as it's largely governed by temperature, and temperature is generated by a) higher voltage required for higher clock speed and b) more utilization of the CPU

Once you add all these up you're left with a system that's very, very robust. The failure rates are serious but only measured over decades. If you tried to keep a thousand modern CPUs running very hot for decades you'd be sorely disappointed in the failure rate. But for the few years that people use a computer and the relative low load that they place on them (as personal computers) they never have a big enough sample space to see failures. Hard drives and RAM fail far sooner, at least until SSDs start to mature.

MichaelCrawford 1 day ago 0 replies      
They do.

That's why our boxen have power-on self tests.

rhino369 1 day ago 0 replies      
Extremely good R&D done by semiconductor companies. It's frankly amazing how good they are.
Gibbon1 1 day ago 1 reply      
Transistors don't fail for the same reason the 70 year old wires in my house don't fail. The electrons flowing through the transistors don't disturb the molecular structure of the doped silicon.
Ask HN: Is it feasible to have children wear worldview protectors in school?
8 points by amichail  12 hours ago   21 comments top 13
brachi 10 hours ago 1 reply      
I'm not sure if you're asking as a business idea or to apply it to your own kids, but the explicit use of this method to controlling children's mind and hoping to mold them according to the parent's world view is a little scary IMO. I don't want to criticize how parents want to educate their children, but what's next, a hidden recording device to listen to all their conversation, transcribe them and spot conflicting opinions? Why treat kids as the parent's property? Could a child become a healthy critical-thinking adult after such a controlled and oppressed childhood?
esnible3 10 hours ago 0 replies      
No. It was recently revealed that even a much simpler problem, detecting genitals in on-line worlds, was so difficult that the world was shut down. It might be possible to detect certain words with speech recognition, but the teacher will just use different words. http://fusion.net/story/143218/lego-universe-had-a-huge-dong...

Twenty years ago we learned that even censoring specific bad words in online chat rooms is impossible. http://articles.baltimoresun.com/1995-12-02/features/1995336...

MalcolmDiggs 1 hour ago 0 replies      
You can try helicopter-parenting; be that weird parent standing up in the back of the class yelling at the teacher. That might work.
insoluble 3 hours ago 0 replies      
Next you are going to be asking whether it would be feasible to have Internet filters (browser plugins) that augmented the social media pages of other children from households with differing views. It could even, for example, replace words like "Jesus" with "Big Brother" (or Allah, Jehovah, et al). Then, of course, the child would need to wear augmented vision that made other children from disagreeable families or backgrounds look really ugly (or scary). Perhaps the system would simply detect the identity of each person (based on face) and use keyword profiling from social media and related to classify each.
mdpm 4 hours ago 0 replies      
1) Ostracisation.

2) Parental hatred

3) _You_ couldn't perform that function, were you standing behind them with blinkers and earmuffs at the ready

4) Other children. Will talk. Should we censor them too?

5) Rationalising the views we have _in the face of conflicting opinion_ is what allows us to cement our own views

6) Guiding our children in how to accept / interpret / evaluate the plethora of opinions out there is the largest influence we have. Your choices of media, internet access, social groups, extra-murals, etc. are there to perform this function.

I really don't want to see the psychological damage this could cause, even if possible (I do believe AR and augmentation and weak AI will enable versions of this). Filter bubbles are dangerous, limiting, and foster intolerance. I don't think we need any more intolerance.

klez 12 hours ago 1 reply      
Maybe I'm just short-sighted, but unless the device can catch non-verbal signs that someone is about to say something that conflicts with your worldview, it would be hard to censor stuff on-the-fly.

Also, are we really at a point where we want to protect children from opinions?

dragonwriter 11 hours ago 0 replies      
It might be remotely possible if you have, you know, artificial general intelligence with a high reaction speed, and comprehensive knowledge of the parents' worldview. Even then it would be very confusing, since it would have to cut in late into sentences or larger presentations when the conflict was detected.

Even if it works, it seems likely mostly to adversely affect the children's performance in school (and not just on the specific worldview issues -- the distraction and stress from all the incomplete thoughts would probably be a general drag on their attention and performance), and their ability to interact with those there.

rwallace 11 hours ago 0 replies      
Not feasible without AI that can understand natural language, which is a long way off. Bad idea even if it were feasible. If you are afraid teachers will teach your children falsehoods - which could happen, granted - then teach them how to be sceptical of falsehoods.
CamTin 12 hours ago 1 reply      
I don't think it's feasible, but that's a great premise for a scifi story.
jjp 11 hours ago 1 reply      
At what point would you pass control over to the child so that they can automatically censor any speech from the parent that conflicts with the child's worldview?
abraham_s 10 hours ago 1 reply      

Spoiler Alert.

A sci-fi story which mentions a device that adults use to control what children can see.

joshuaheard 9 hours ago 0 replies      
It is called a "school voucher". With it, parents can send their kids to a school that conforms to their world view.
toss1 8 hours ago 0 replies      
Enter Socrates, just asking questions.....

(remember that the charges for which he was put to death started with 'corrupting the youth of Athens').

This is both a horribly bad idea for a wide variety of reasons, and to top it off, it won't work, not even in principle.

Ask HN: What am I doing wrong
3 points by letmeaskthis  9 hours ago   8 comments top 5
pvaldes 4 hours ago 0 replies      
Too general a situation. Can you elaborate your question?

There is always a better way but you need to build your solution in small incremental steps. This means that you can not solve anything until you have failed to solve the problem previously and identify the wrong answers leading to dead ends.

davismwfl 9 hours ago 1 reply      
You aren't alone in this, I think it is a relatively common problem. In general, experience is what makes this better. Knowing when to take another path is usually when you see that the problem is over complicated as is. Take a look at the overall goal of the solution, then break it down into stages, steps or simple issues within the larger context. That will usually help you prevent being taken hostage by the problem.

Also, sometimes issues are just complicated. I recently worked on debugging an image processing algorithm I implemented for a client. I spent 4 days following one path just to figure out it wasn't the right path at all. In that case the hostage feeling came from the fact it was highly parallel and extremely complex and it just took a lot of time. Even with breaking the steps down to the simplest denominator.

ruraljuror 7 hours ago 0 replies      
Not sure if you mean long term (as in design-level issues) or short term (trying to hack through a particular method), but in either case one of the best things you can do is turn off from actively thinking about the problem. If you're banging your head against the wall, give yourself permission to walk away and let your unconscious process and work through the information. You will often be surprised to see the mountain leveled when you return. One way of doing this is taking a long walk as a mid-day break.
halotrope 8 hours ago 0 replies      
I have experienced these things as well. Switching tasks and coming back to the problem the next morning sometimes works wonders. Also pair programming and reasoning together about design and implementation can give you a fresh perspective from my experience.
letmeaskthis 9 hours ago 1 reply      
It could also be that the 'solutions' I have are also idealistic which is more demanding than other simpler solution possibilities. Maybe this is part of the problem?
Ask HN: How to become an effective Citizen scientist
7 points by agentgt  11 hours ago   discuss
Ask HN: Need advice on introducing a basic income
10 points by halotrope  10 hours ago   19 comments top 4
dragonwriter 9 hours ago 1 reply      
> Since there are about 80M people in Germany it would need 80B per month to finance that. I would very much like to solve this problem with technology and dodge politics.

If you want to do it with technology and dodge politics, then you need to create an enterprise that generates 80 billion euro [0] in monthly revenue above what is necessary to maintain the enterprise, and then sends out the money.

Good luck coming up with the technological solution which provides nearly a trillion euro in annual profits, and can continue doing so (and growing with population and inflation) while distributing all that to the people of Germany.

[0] actually, more, because you need funding for the money distribution part, too.

loumf 9 hours ago 2 replies      
You need the taxation power of a state to force rich people to pay for it. That's how basic income works -- everyone gets 1000, but some people pay more than 1000 in extra tax. The net is 0.

How to use technology to do this:

1. Make up a scheme where 70% get net positive income (make models, etc)

2. Make up persuasive material (interactive visualizations?)

3. Spread it

4. Harness the enthusiasm into actions

Ultimately use this to elect people who will pass it.

partisan 9 hours ago 2 replies      
Sorry, I am not able to contribute a solution to your question. I don't think you can do this without politics being involved, otherwise you are asking everyone to participate instead of mandating that everyone does.

Doesn't basic income cause inflation? It ensures that everyone can have the basics, if they choose to use it that way, but will drive up prices on the basics because demand increases. Am I missing something?

2noame 8 hours ago 1 reply      
You'll likely find this valuable then if you haven't already read it:


Ask HN: What things should I keep in mind while open sourcing our non-profit?
6 points by Dwolb  13 hours ago   discuss
Ask HN: I'm cloning my own app into 10x new apps. Is it allowed on Google Play?
4 points by makuchaku  12 hours ago   10 comments top 5
cweagans 8 hours ago 0 replies      
Just keep it in one app and do in-app purchases for different content packs. Much easier.
alain94040 5 hours ago 0 replies      
Nice touch, putting a referrer tag for HN in your URL.
caspercrf 12 hours ago 1 reply      
I'm not sure about the cloning, but having the names Whatsapp and Twitter in your app name could get the app banned.
CmonDev 12 hours ago 1 reply      
And are you worried about ethics?
feld 12 hours ago 1 reply      
don't fill up app stores with this cruft
Ask HN: Is there a place for professionals to trade skills
3 points by ruckusing  12 hours ago   3 comments top 2
MalcolmDiggs 1 hour ago 0 replies      
In my experience: if you go around scratching backs routinely, there will be someone to scratch yours when you need them. Start by being generous with your own time, and it'll work out in the end.
thefivetoes 10 hours ago 1 reply      
Trading skills sounds like a nice idea, but it seems like it might limit you. Maybe someone knows iOS but doesn't really care to learn Android at the moment. Pitching it that way might rule people out who would otherwise love to help someone for "free."

In my experience, simply asking an experienced developer for help is enough and a great way to meet a dev with different skills is to get involved in their community.

Are there any iOS MeetUps in or near your area? Or perhaps a popular iOS IRC or Slack channel you can join to meet people remotely?

Skype security breached
19 points by rPawel  22 hours ago   1 comment top
thenomad 17 hours ago 0 replies      
Yup, I've had that problem a couple of times recently too. Definitely a current issue.
Ask HN: Abuse of my Google apps email
2 points by europa  10 hours ago   2 comments top
halotrope 8 hours ago 1 reply      
As a precaution you should enable MFA for your account and change your password. I would be worried that someone gained access and is now using the email address to sign up for services etc. If the account was compromised you could also lose your domain quickly if this is the account email for your registration provider and they use it to gain access and transfer the domain.
Ask HN: I've constantly changed companies. Would I be considered unreliable?
35 points by panjaro  14 hours ago   55 comments top 33
tokenadult 13 hours ago 3 replies      
I know someone who has followed a career path of frequent job changes (always in the same metropolitan area, mine, the Twin Cities of Minnesota) in computer-related work and who has always managed to make each job change a net raise. He is making substantially more money now than many of his contemporaries who stayed at the same company for years, and has leaped over some of those persons for more responsible roles with more challenge (what you desire) and a better pay-and-lifestyle balance than other people with similar technical skills in the same company have. In other words, it depends. If you make sure to trade up every time you trade, you have set up a ratchet that should make your career better over time.
SEJeff 13 hours ago 5 replies      
As a hiring manager, I look for employees who have stayed at previous jobs at least two years. If you switched a few, that is fine, but if your average is around 1.5 years, then that seems like a problem.

For most companies with complex environments, it might take 6 to 8 months to fully get you up to speed. Why should I put that into you only to have to do it again? Perhaps you're looking for jobs in the wrong part of tech, or corporate tech isn't for you? Have you considered trying to found a startup, one that you yourself are directly vested in? Perhaps that is your best bet for the future.

netcan 12 hours ago 0 replies      
Don't worry. This stuff is ultimately judged by the biases of whoever is reading your CV, and people vary a lot.

If an employer is particularly worried about employees staying for extended periods, your record will work against you and you won't get that job, all else equal. But, that's not as bad as it sounds. Some employers value people with Math Degrees. Some prefer PhDs. Some don't. Some employers don't like autodidacts. etc. A 1.5 year average employment period is in that category of preferences. Different employers will treat it differently. Same applies to your time as a freelancer.

Long term, 1-2 year stints early in your career is not usually seen as indicative of anything later on. It's common. So unless it is not causing you problems now, it probably won't later on.

I don't know how it looks when you get to 10X1.5 year jobs though. It would certainly make you an unusual candidate. I've never hired someone with that much experience so never seen these CVs.

The real "problem" cases are people with multiple < 1 year jobs. If your last 3 jobs were under one year, most employers will see that as "The last 3 people that hired him regretted it." That doesn't sound like your record though so like I said, don't worry.

Also, just building your CV your whole life sounds like a drag. Staying at a job you dislike for years just to change your CV image is like taking a job you don't want or doing a degree you hate for your CV, it's unattractive as a lifestyle. If you like changing jobs, do it.

amattn 12 hours ago 1 reply      
As someone who has doubled our eng team in the past four months and plans on doubling it again in the next 6, here's my view:

I use the term jumpy. It is a negative signal, but not a killer signal. You'll have to make up for that with numerous other positive signals, such as extreme technical competence, culture fit, evidence of shipping, etc.

I probably wouldn't point it out on a resume or whatnot, but when asked about it, be honest. Also consider being more picky about the jobs you take. Try to stick at your next place 2-3 years or switch to contracting.

ArtDev 12 hours ago 1 reply      
If you are not changing jobs at least every three years, you are not being paid enough.

Changing jobs every 1-2 years just means you are ambitious. Keep it up! You might find your previous employers will hire you back at a contractor rate remotely in the future.

fridek 13 hours ago 0 replies      
It's absolutely normal to feel bored with a project around a second year of it. Consider finding an environment where you can switch projects while staying within the company. Most large corporations would allow you to do that, at a cost of being probably less flexible with toolchain and decision making process.
flinmaster 13 hours ago 0 replies      
As someone that has run a company (several hundred employees) and hired a lot of people, I would say "yes". If you were someone I was interested in, I would certainly ask you about your job switching. If you told me you got bored and moved on, I'd be very reluctant to invest time in you, only to have you leave. If you're constantly bored, maybe you're looking for the wrong jobs.
sheepmullet 4 hours ago 0 replies      
It depends on the type of work you do and the size of the projects you work on.

If you work on small projects with a 1 month ramp up time then it's not a big deal to leave after a year.

On the other hand I'm currently working on a million+ loc application and the typical ramp up time for a good dev is 6 months. I'm not going to hire somebody who will probably be gone in a year.

cmurf 12 hours ago 0 replies      
10 years ago I was a bit bored in my contract business. As I'm starting yet another new project, I'm talking with the main contact person who happens to be an attorney, and he said something rather interesting. He's been doing what he's been doing for a long time and he's very good at his job, but it's also a bit bland. I think he called it bread and butter work. He doesn't hate it at all, it's just not that interesting, but it pays the bills and, again, he's very good at it. Yet he thinks about retiring. But every once in a while, every 2-3 years, an interesting project (case) comes along that gets him excited and keeps him in the game.

My take away was: it sounds very romantic to be in love with your job, always, but isn't very realistic. Being good at your job is realistic, but many people aren't good at their job. If you are, you stand out and can command a good salary, working hours, benefits, whatever is important to you. And every once in a while you should try to get an interesting project to keep things fresh.

So whose responsibility is it to get that occasional interesting project? I'd loosely say that's 50/50 split between employee and employer. You can't just expect to get spoon fed interesting projects. You have to look for them, and the company has to be in a relevant position to support that.

If you like research, if you're good at ramping up and learning new skills, that can be a good way of acquiring the occasional interesting project, while getting better paid for it.

fredkbloggs 12 hours ago 0 replies      
You've spent the first several years of your career figuring out what you want. That's ok. But I would be worried about your time at BigCo, because it seems like you didn't ask the right questions and understand the environment before you signed on. That would make me wonder whether you understand how my team works well enough to know that it's what you want. Based on your history, you've now been in just about every situation out there, and are old enough that you should know what you want and how to ask the right questions during interviews. So at this point I'm expecting that you're going to commit to something long enough to see it through to completion, and I'm going to be asking you tough questions along those lines, mainly to be sure that you know what we're doing, that you're excited about it, and that you intend to finish. If I did decide to hire you, I would probably be looking to structure your compensation around retention through the completion of whatever project I'm hiring for. That said, there are positions where the ramp time is very low and I would basically assume you're like a short-term contractor, and for those positions I wouldn't care. If you find one like that, it's a low-risk opportunity for both sides. The drawback for you is that those positions don't always pay well and are often the first to be eliminated when business slows.

I guess that highlights for me the biggest problem: you've talked a little about what you've done, but nothing about what you want to do. That kinda matters. If you want to be an engineer, you need to prove that you can stick with something from concept to at least the first upgrade cycle (you'll learn more from an upgrade cycle than you will from shipping ten products and then walking away from them each time). That might be a year or it might be ten. If you want to do operations, you need to complete projects and then stick around long enough to learn from what you did. And in any case, hiring managers will want to see that you've shipped something, because that's the only way to be sure that your work was good enough to use. Repeated departure well before shipping (or completing an internal project, etc.) is a big red flag, much more so than the length of your tenure. And not staying in one place long enough to learn from past mistakes greatly reduces your value. Again, it's not the calendar time, it's what you did and learned.

tedajax 12 hours ago 0 replies      
I've worked at 4 companies in three years. Any company worth working for doesn't give a shit and they'll recognize your abilities.
g8gggu89 12 hours ago 0 replies      
I lasted about 1.5 years each at my first 3 jobs, then I moved to a company I've been at for 4 years. No one questioned anything at any job about past employment lengths. I'm starting to think I should have moved on long ago.

> I had long term plans but found out the IT department is just kind of support and even to make simple changes decisions take weeks. On top of that I got an offer to be first in house employee of a company where I am expected to do everything now and manage as company grows.

No one would want that kind of job, changes taking weeks. They should have made that clear, that they basically do all maintenance. The new job offer sounds more challenging and full of opportunities. Staying at your current job sounds like a really bad idea.

Just be aware and look for more opportunities to do interesting projects at your new place.

Jare 12 hours ago 0 replies      
It's not that you have changed jobs, it's how and why you have done it. From your description you seem to be directionless, impatient, and prone to experimenting over informing yourself properly. Yeah I would definitely consider you 'unreliable'.
louithethrid 13 hours ago 1 reply      
Try to show proof that the companies want to keep you - and have a very good reason - like I get bored easily.

For companies the question is do you reach the break even - the point where the investment that they did by hiring and assigning somebody to you, to introduce you to your tools and internal operations. Everything else is rather beneficial.

Corporations outsource code jobs to strangers today. And they do well with it. Never heard a hiring manager complain about the company being "a problem case" when it came to investments in hired guns.

You might not hit it off with your colleagues though. Many want the safety. If somebody appears who represents the opposite lifestyle, and shows everyone that life can be lived differently - which their manager might use for pressure once you are gone - things can get a little frosty.

hartator 12 hours ago 0 replies      
> Suddenly I realized I have changed 4 companies in 6 yrs. That made me a bit worried.

4 companies in 6 years is nothing. I would be more wary of someone switching job every 2/3 months. So, more than 6 times the number of companies you have been working for. You are fine.

anders30 12 hours ago 0 replies      
I recommend looking into a large company that lets you move around (specifically let me recommend Boeing). I have changed groups several times and there is very little stigma assuming you can get yourself up to speed in a reasonable time frame and you're not, "leaving behind dead bodies".

Consider reading a book called, "The First 90 Days: Critical Success Strategies for New Leaders at All Levels". Its contents helped me gear my interviews towards how and when I would add value to a new group. I believe that is the key to changing jobs - average time to positive ROI from the new group's perspective, not average time spent in a group.

You have some great recommendations in this thread, so thank you for asking!

bshimmin 13 hours ago 0 replies      
It sounds to me like becoming a contractor might perhaps suit you better - is that a possibility where you are based? On the other hand, contract roles often involve the kind of problems you wouldn't necessarily find "challenging".
JSeymourATL 12 hours ago 0 replies      
> Does this mean I am unreliable and my career is going in wrong direction?

Self-awareness is a good step forward in managing your career. Be upfront with potential employers on what you've learned so far. And be prepared to address concerns they may have over your decision-quality, stick-to-itiveness, and maturity.

Relative to your next move(s) suggest that you create a scorecard-- get clear about the types of environments & work you find appealing and intellectually challenging. You must probe for those things as you explore new opportunities. Put some serious thought into evaluating if the next job is a strong match.

Quanticles 12 hours ago 0 replies      
Finding and hiring the right person is very time consuming, training up that person is very time consuming, and when someone leaves, training someone to take over their responsibilities is very time consuming. Combining all of these together, each time a person leaves a company it incurs a cost of about 6 months of their salary. I'd rather pay more for someone that's going to stick around than hire people who are likely going to get bored and leave. Many companies try to figure out ways to reduce turnover - it's very expensive.
antirez 12 hours ago 0 replies      
The problem with switching often is that there are good reasons to do it, and bad reasons forcing you to do it... That is, many people that read N books and look like experts at a first glance, but can't actually code tend to switch work very often since after some time they are "uncovered" and move away. There are other good reasons to switch often: being exposed to new technologies, getting a raise, and so forth, the risk is to be confused for a frequent changer for the reason she/he can't actually code.
matt_morgan 13 hours ago 1 reply      
Like others have said, the important thing is do you just bore easily?

You have mostly pretty good reasons for the switches. The possible exception is the research career move ... didn't you know going in how little money you'd be making? Sounds a little flaky to give up on it for that reason. If I were interviewing you, I'd drill down on that one.

The trick is, would I even interview you or would I see the resume and think, hmm, I don't know? I try to be very thoughtful about that but I usually get a lot of applicants ... I think you should try to keep this new position for a while.

Demoneeri 12 hours ago 1 reply      
I'm like you, I changed many times. I get bored easily. I think I found what is right for me, maybe it can help you. I now work for a big IT consulting firm on projects averaging 3-5 months.
davemel37 12 hours ago 0 replies      
It's only a problem if it causes you problems. You shouldn't make decisions about which jobs to stay at or leave because you have some perceived correlation between length at a job and reliability.

This is one of those classic cases where the cultural pressures and beliefs are wrong and ripe for ignoring. Especially for an engineer/hacker it's important to second guess your societal perceptions and make decisions on more substantial foundations.

kfcm 12 hours ago 0 replies      
It's like the old real estate mantra goes: "It's all about location, location, location."

There will be some metros where no one cares; they're so short-handed and the tech market so hot, they won't care and will hire you. Other metros which are more sedate, with few companies and therefore over-saturated with techs and H1Bs will look at you and laugh.

cj 12 hours ago 0 replies      
It's definitely a negative signal for me if someone has moved around a lot within the last few years.

It's not so much a problem for a senior engineer who can onboard relatively quickly.

But for junior engineers, I would be a lot more hesitant because the onboarding that the company invests in you is lost if there's a high chance you'll move on a few months later.

meerita 12 hours ago 0 replies      
I definitively would hire someone who has experienced different kind of codebases, business styles and products. Think about it.
pkaye 13 hours ago 0 replies      
I would look at how long someone needs to work in that industry to meaningfully complete a project or two. In mine, it is about 2 years. If they consistently have below this, I would have to question the depth of contributions to the projects they worked on. New grads I do give a little leeway as they are just figuring out what they want to do.
kkapelon 12 hours ago 0 replies      
Just to be on the safe side, I would stay at least 3 years on a job. 2-3 years is what recruiters/hr people look in CV. If it is less for too many jobs, then they assume that you are a job hopper.

So in your case, yes I would say that 1,5 years is controversial. For 6 years you should have changed 2 jobs (maybe 3 with a good explanation)

flarg 12 hours ago 0 replies      
Sounds like you might enjoy freelancing more? Not sure how it works in the RoW - but in the UK you look for contracts, when you find one set up your Ltd Co and engage an accountant - and you're set - with the added bonus that you will stick with your employer (yourself) for many years.
gizi 12 hours ago 1 reply      
As a contractor/freelancer, you may very well switch every 6 months. Nobody says anything about that. It is an absolutely normal thing to do. Just say that you had achieved the goal of the short-term contract for which you had been hired. In a sense, it is probably true anyway.
bdcravens 12 hours ago 0 replies      
No, it's common. Many developers focus on purely contract or project work, so 4 companies in one year isn't uncommon.

You have an increased validation in your hirability, as four different companies have thought you were good enough to give an offer to.

TaylorGood 12 hours ago 0 replies      
Startups aside I'm about 1.5 years on average and the massive finance company I'm at right now only asked about my entrepreneur itch and whether I'll be tempted to jump back in..
b0sk 12 hours ago 1 reply      
Unfortunately, yes. Your recruiter and/or hiring manager are definitely going to ask you this and make sure you have a ready-made answer for this question which doesn't involve "boring".
Ask HN: Do you use Vagrant or Docker for active development?
48 points by dnt404-1  15 hours ago   65 comments top 27
brightball 14 hours ago 0 replies      
On a Mac or Windows machine you're using Docker with Vagrant via Boot2Docker anyway.

A lot of people use both: http://docs.vagrantup.com/v2/provisioning/docker.html

That's actually the only thing that got me to hold off on Docker the last 2 times I've evaluated it. I was able to get everything running for a 1 monolith + 7 microservice system that I work with but the local developer workflow felt very clunky even with Fig. That was 6 months ago and it's my understanding there have been a lot of improvements.

That project was for a Ruby team and there are so many Ruby based tools that make the local development workflow a smooth operation that shoehorning Docker in locally would have been a step back, so we held off on it.

It's an area that I think will see major improvement though. Heroku's even gotten in on it.


Which is really impressive to me. If anybody in the space can polish out the user experience, it's Heroku.

dcosson 14 hours ago 4 replies      
I recently switched to using both, docker running in a Vagrant VM. I've had several frustrating issues with boot2docker on OSX, it's generally just been less stable for me than Vagrant.

In terms of using docker, IMO it's the best development experience I've come across once you get everything set up. It can be confusing to get your workflow set up at first, and it seems like everyone does it a little differently, I'm hoping that best practices will standardize a bit as docker continues to mature.

I love having every part of an app (app code, split into a few microservices if you wish, postgres, redis, rabbitmq, etc.) completely isolated, and docker-compose is a great system for linking things together. I also currently don't have any puppet/chef/etc code and love not having to maintain that, in my mind a large part of the need for configuration management tools is dealing with the complexity of diffing two arbitrary states of infrastructure, and with the immutable approach of docker containers all that complexity disappears.

noir_lord 13 hours ago 0 replies      
Use Vagrant for everything even tiny projects go in a Vagrant container (isolation is the primary win with the ability to do a git clone, vagrant up and be away).

Don't use any kind of provisioning on vagrant just straight bootstrap.sh as honestly I don't like them.

JimmaDaRustla 14 hours ago 1 reply      
I don't use Docker, although I don't have a need for it.

As a solo coder, I love vagrant - the whole nature that you can use a configuration file with a script or two to build out an entire VM has so many benefits. Less time to build the VM, easily destroy the entire VM, easily rebuild the entire VM, save drive space by destroying the VM when you don't need it, keep the VM configuration in a git repo, distribute the configuration to someone else to use, and the best is having all the steps used to configure the VM are documented in the config file and scripts.

nahiluhmot 14 hours ago 1 reply      
> Data persistence support is not out-of-the-box.

This is actually not the case. Although containers do not share any persistent volumes with the host by default, you can use the --volume option[0] to do so.

To answer your question, I've used Docker for local development to run MySQL, Postgres, and Redis inside of containers. Using the aforementioned --volume option, you can share the unix socket opened by either of these services from the container to the host. Otherwise, you can use the --port option[1] to share ports between the container and the host.

I've had a generally pleasant experience using Docker for this use case and would recommend it. It's nice being able to start using a new service by pulling and running an image. Similarly, it's nice to have the ability to clear the state by removing the container, assuming you choose not to mount volumes between the container and the host.

The only frustration I've run into is running out of disk because I have too many images, but it takes a while to get to that point and those can easily be deleted.

[0] https://docs.docker.com/reference/run/#volume-shared-filesys...
[1] https://docs.docker.com/reference/run/#expose-incoming-ports

zoner 14 hours ago 0 replies      
Vagrant with Docker provisioner:


Much faster than the Virtualbox provisioner, so it's not an "or" decision, the two things work well together :)

parshimers 13 hours ago 0 replies      
Docker is really great for developing things IMO. I use it in a few ways actually. One thing I've found it really useful for is isolating build slaves in Jenkins (using the docker-cloud plugin in Jenkins).

I also like to use it to create test deployments for debugging or evaluating things, for example it's a lot easier to run Hadoop in pseudo-distributed mode inside a Docker container with host networking, than it is to fiddle with running it in a VM and either getting NAT or DNS working just right, or installing it locally. With the Docker container, if anything goes awry, it's just so easy to get back to initial state by killing the container and starting again.

As for Vagrant, I like it a lot too, but for different reasons. You can define a set of actions that is a lot closer to installing whatever it is you are developing, instead of baking everything together like you do with Docker, which can be desirable. I have used it in the past for creating virtualized cluster environments for integration testing of distributed systems. I think so far I use the VirtualBox provider, but I'm thinking of re-working some of my past uses of it that don't strictly require a VM to use the Docker provider.

lzlarryli 13 hours ago 0 replies      
I use docker for the development of FEniCS, an open source scientific computing package written mixing python and c++. FEniCS requires a lot of dependencies which can be hard to compile (PETSc alike) or need version hold (Boost alike). Docker helps to hold the environment constant. We currently plan to have build bots based on docker as well to streamline build testing.

When I write code inside docker, I always submit to a git repo like Bitbucket. Data persistency is easy. Besides you can always use --volume, which works out of box in Linux.

Vagrant requires some basic shared environment, which is not realistic in my case. For example, I use Archlinux myself and am forced to use old Scientific Linux at work, while many other FEniCS developers use Ubuntu, Fedora, or Mac stuff. It is too painful to write and maintain a Vagrant script for all these (different compiler, boost, blas, lapack and some other 10+ numerical specific stuff). I even tried Vagrant+docker. But in the end, with docker maturing, I switched to docker+bash script instead. It is just more convenient and needs less dependency.

So I'd endorse a docker only approach if you mostly use Linux and your project has a diverse group of people.

garethsprice 14 hours ago 0 replies      
Working in a consulting capacity, mainly doing LAMP development with a small team. We use a standardized Vagrant image (https://github.com/readysetrocket/vagrant-lamp) which has cut down on a lot of local environment issues for our dev team.

Previously all devs had their own environment (some MAMP/WAMP, some homebrew, some remote, etc) which led to onboarding and support issues. Setting up a standardized recommended dev environment has helped with that a lot - both in terms of reducing project onboarding and getting junior developers up and running.

Would love a day where we can build projects as Docker containers and hand them off to our clients' IT teams, but that seems to be a way off.

SO thread where the authors of Vagrant and Docker weigh in: http://stackoverflow.com/questions/16647069/should-i-use-vag...

danwakefield 13 hours ago 1 reply      
Vagrant with ansible to set it up. 1 build vm, 6 'deployed' vm's and 1 'deployer'.

Needs a minimum of 42G ram, 150G disk space and fills its logs at 2G/h. Not great when you are running on a 256G SSD.

Building takes 2h+ with ~10% random failure rate due to dependency mirrors and timeouts.

The python code is deployed as gzipped virtualenvs to the hosts. This actually works pretty nicely as it means you can't just import stuff and have to build stuff similar to 12 factor style (we don't use ENV_VARS/stdout logging though).

TBH I still don't really see the point of docker, I'm sure it will 'just click' at some point but it hasn't happened yet.

wodzu 14 hours ago 1 reply      
I would put it the other way around. Docker+Vagrant is best used for deployment and hopefully it will be stable and battle-tested enough so I can use it in production.

I love the fact that once I configured the dev environment on my PC and I hit the road on the next day I can have exactly the same environment on my laptop by running a single line - "vagrant up". Not to mention that any dev working on the same project saves himself a ton of time by not having to configure everything from scratch.

I have not taken the leap of faith yet and I am not using the docker in production but hopefully this will happen soon.

eli 14 hours ago 1 reply      
How would you provision the Vagrant box? I would think you'd want to avoid having some Dockerfiles for setting up production servers and some completely different provisioner for setting up development in Vagrant.
Tomdarkness 14 hours ago 2 replies      
Why not both? We use vagrant to create our docker environment - a 3 machine CoreOS cluster. This is so we accurately represent our production environment.

We then use our production docker image(s) with some more development appropriate configuration options. Vagrant mounts the user's home directory at /Users/<username>/ inside the CoreOS machines. Then we mount the appropriate folder inside the docker container at where the container would normally expect to find the app's code. This way the developers have live updates without having to rebuild the docker image or anything.

ajdlinux 14 hours ago 3 replies      
I've used Vagrant for a few projects over the past few years - mostly small things like hackathons and such. Haven't used it much in the past year or so though.

At my last job we used Docker extensively for developing our main software product, based on a Django + PostgreSQL + RabbitMQ + Celery stack. It's definitely a bit tricky to get your head around at first, but after that, it's very nice being able to just type "docker-compose start" and have a working application with consistent configuration ten seconds later.

awongh 13 hours ago 0 replies      
I've used vagrant for a big rails 3 app with a lot of dependencies and services, i.e., solr, a redis backed delayed_job queue, etc. - stuff that would have been difficult or impossible to manage on a mac.

The vm environment was also as close as possible to the production env, with the same os version, etc.

It also greatly streamlined onboarding of new devs. The dev environment setup was a couple of hours instead of a day or two.

chrisgoman 9 hours ago 0 replies      
Yes, Vagrant only (it is awesome), still not sure what docker does. After setting up a Vagrant VM, I run fabric scripts to build the box for its role
mulander 14 hours ago 0 replies      
The only use case I had for docker so far was to set up a cross compiler toolchain to produce binaries for an armv7 igep board.

It was significantly easier to tell my co-workers to install docker and type `make local` for local binaries and `make igep` to produce a igep armv7 binary by running a docker container.

dolel13 13 hours ago 1 reply      
I use docker extensively for both development and production, using it to mirror the production environment as much as possible. Write code on the host, run on the container. It took me sometime to adjust to the concept but once I did, it was pretty cool.
edude03 13 hours ago 0 replies      
I use Ansible and Vagrant for active development of client projects. It's a great combo because it ensures my local environment matches production as close as possible and as well I can go from nothing to running environment with a vagrant up.
jlu 13 hours ago 2 replies      
Not to hijack the thread, just wondering anyone has experience with zero-downtime deployment of multi-container app with cross-container communication?
buster 14 hours ago 0 replies      
Using Vagrant with docker inside for development for some time now and it's been the biggest productivity boost ever, give it a try.
mrbig4545 14 hours ago 0 replies      
Vagrant and puppet. And it's the same puppet we use for production, so we're as close as we can get.
adamjin 13 hours ago 0 replies      
I use vagrant for all my developments, it was easy for me to setup and play around with some new tools, such as saltstack (configuring master and minions) and reused the same bash scripts to setup the dev env.
fs111 14 hours ago 0 replies      
I use vagrant to run a multi-vm hadoop cluster for testing.
betaby 14 hours ago 0 replies      
systemd-nspawn and linux-vserver environments with dependencies (library versions, compilers, even python virtualenv) guaranteed by cfengine promises.
ThrowThrow2 14 hours ago 0 replies      
Isn't it more like Docker with Vagrant?
programminggeek 13 hours ago 0 replies      
vagrant is okay, but it's kind of a PITA.
Support Greek tech startups blocked from paying their bills
6 points by mozboz  19 hours ago   1 comment top
icebraining 8 hours ago 0 replies      
As a Portuguese, I have to wonder: if a similar situation began to loom on the horizon, what could a small company do? Could it open a foreign account and transfer some buffer money to it, or would that generally raise questions?

I know most people here won't know about the Portuguese law in specific, but I'd be interested to know what options are usually available/recommended.

Ask HN: How can I trust Google Analytics?
31 points by goferito  1 day ago   43 comments top 18
gk1 1 day ago 3 replies      
I do marketing ops consulting and see this stuff all the time. First, let's get two things out of the way:

1. Yes, Google Analytics can be quite useless if you keep default settings with no configuration.

2. That doesn't mean you should jump straight to a self-hosted solution, or a paid solution, or throw up your hands and say "it'll never be accurate."

For most use cases, GA is more than good enough to measure effectiveness of online marketing efforts. Dismissing it outright in favor of a paid or self-hosted option just because you didn't google "how to prevent analytics hijacking" is bad decision-making.


Now on to the fix...

You can create a filter in your GA view settings to ignore tracking calls from any hostname other than your own. See here: https://support.google.com/analytics/answer/1033162?hl=en

PS - No client-side analytics will ever be 100% accurate, certainly not GA. But for the purposes of measuring marketing efforts and results, you can have greater tolerances. It's a tool for marketing, not logging.

fasouto 1 day ago 4 replies      
Nice experiment! Link for the lazy: https://github.com/goferito/gapoc

I guess SEO people already know this, the question is: can you trust a SEO consultant?

gesman 1 day ago 1 reply      
Taking advantage of GA deficiencies is widely used to inflate traffic figures during website sales negotiations.

GA is really not a product you want to trust your business with. Best approach is to consider self-hosted analytics solutions.

I built my own for my needs which also include combined features for security analytics to investigate malware attacks. GA is totally useless in this aspect.

jand 1 day ago 0 replies      
There is a workaround - but it will reduce the amount of data points available to GA and put stress on your box: Use server-side tracking calls.

As said, this will remove all data points which are usually gathered by the GA-Javascript. Same thing is possible with Piwik.

You _could try_ to have custom JS that would gather those data-points like e.g. screen resolution.

sjs382 1 day ago 2 replies      
You can't know. GA spam is rampant, more so via referer spam than anything else.
fiatjaf 1 day ago 0 replies      
The server cannot know if an event is coming from a browser or not, and anyone can make it look like coming from a browser while making it from another program, although you can't do it inside a proper browser.
rotten 1 day ago 0 replies      
Another caveat is that you have to wait 72 hours after the event before you can be reasonably sure the counts aren't going to change any more. Sure, you get some results immediately, but for some reason, some take a long time to settle. I'm guessing it is a massive eventually consistent distributed database, and that GA hits are going to nearest or least busy nodes and it just takes a while for them all to sync up.
achairapart 1 day ago 0 replies      
Experienced this a few times when somebody cloned my whole website, GA tracking code included.

Also, with the increasing spam coming from referrer and the new trend of adv blocking plugins (they block GA too), Google Analytics has become less reliable than ever.

However, you can set up open source analytics software on your own server, like [Piwik](http://piwik.org/).

an4rchy 1 day ago 0 replies      
In addition to the other comments, you could always try to use another analytics product in parallel (from time to time randomly in the year) to quickly validate the accuracy of the results. This will serve as an indicator and also validate assumptions regarding the integrity of the analytics.
forgottenpass 1 day ago 0 replies      
Update your javascript tracking code to include a nonce generated serverside. Send the nonce along with the rest of the report to the tracking server. Filter out reports with duplicate or missing nonces. Dunno if you can do it with GA, you might have to hack it into Piwik.
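The nonce scheme suggested in the comment above, sketched for a self-hosted collector as an added example (not code from the thread, GA or Piwik). The token format, `SECRET`, `TTL_MS` and both function names are assumptions made for this illustration.

```javascript
const crypto = require('node:crypto');

const SECRET = crypto.randomBytes(32);  // assumption: per-deployment key, never sent to clients
const TTL_MS = 30 * 60 * 1000;          // assumption: a page view may report for 30 minutes
const seen = new Map();                 // nonce id -> expiry time, used to spot replays

function mac(payload) {
  return crypto.createHmac('sha256', SECRET).update(payload).digest('hex');
}

// Called while rendering a page; the token is embedded in the tracking snippet
// and echoed back by the browser with the rest of the report.
function issueNonce(now = Date.now()) {
  const id = crypto.randomBytes(16).toString('hex');
  const exp = String(now + TTL_MS);
  return `${id}.${exp}.${mac(`${id}.${exp}`)}`;
}

// Called by the collection endpoint for every incoming report.
// Returns 'ok', 'missing', 'forged', 'expired' or 'duplicate'.
function checkReport(report, now = Date.now()) {
  const token = report && report.nonce;
  if (typeof token !== 'string' || token === '') return 'missing';
  const parts = token.split('.');
  if (parts.length !== 3) return 'forged';
  const [id, exp, tag] = parts;
  const want = Buffer.from(mac(`${id}.${exp}`), 'hex');
  const got = Buffer.from(tag, 'hex');
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) return 'forged';
  if (Number(exp) < now) return 'expired';
  for (const [k, e] of seen) if (e < now) seen.delete(k);  // drop stale entries
  if (seen.has(id)) return 'duplicate';
  seen.set(id, Number(exp));
  return 'ok';
}
```

This filters hits from a sender that never requested a page from the real server, such as a cloned site or a script posting to the tracking ID. A client that fetches the page first still gets a valid nonce, so the check raises the cost of spoofing without proving that a browser sent the report.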
awavering 1 day ago 0 replies      
You can add filters to exclude data before it gets recorded: http://viget.com/advance/removing-referral-spam-from-google-...
dabernathy89 1 day ago 0 replies      
Analytics is useful but the information is certainly not to be trusted completely. Especially on the e-commerce side.

What blows my mind is that they aren't doing more to fight the referral / event tracking spam. It's totally out of control.

tomclaus 1 day ago 1 reply      
You can use a GA Filter based on your domain name. It solved my problem.
vgt 1 day ago 0 replies      
If you are a Google Analytics Premium customer, your raw dataset is automatically available in BigQuery, so you can see down to every click and run your own SQL on it.
lmm 1 day ago 0 replies      
I understand you're supposed to whitelist in GA which pages are allowed to send a given tracking ID?
kelseydh 1 day ago 3 replies      
We just ran into a problem with Google Analytics trying to track opening clicks by sending an event to GA. Turns out when you click a link to open it, the browser page would load before the event to GA could be sent.

Screwed up a huge amount of our click tracking data on GA.

goferito 1 day ago 0 replies      
Is there any other reliable tool I can use instead?
Ask HN: Should I use disqus for my start up?
6 points by philtar  18 hours ago   6 comments top 5
MalcolmDiggs 1 hour ago 0 replies      
If the comments have any SEO value to you, then no I wouldn't use disqus, I'd make sure the comments actually lived in the DOM of the page.

But if the comments are just an add-on with little SEO value, then sure, quick and easy.

vikp 15 hours ago 1 reply      
Disqus is good for an MVP. It's easy to embed and works well.

If you're worried about "owning" the data/community, you could host your own discourse (http://www.discourse.org/) instance and use their embed feature (http://eviltrout.com/2014/01/22/embedding-discourse.html).

Embedding is sadly missing inline commenting, though.

rayalez 16 hours ago 0 replies      
Personally I dislike disqus. I guess there's nothing wrong with it, but if you have a kind of service users will need to register with anyway - why not create your own system that you can customize however you want, and keep your own data, etc, etc?

On the other hand if you are just working on MVP, and comments are not your main value prop, and you just don't want to bother with implementing your own system - sure, whatever, go for it. There's nothing too horrible about disqus, it's fine.

shash7 18 hours ago 0 replies      
I have used disqus in the past and I would say, go for it! Pros and cons:

+ Highly customizable

+ Loads of moderation options (whitelists, blacklists)

+ Active community

+ Easy to use admin tools

- Seems to load slowly sometimes

Also, the most compelling reason for using it is that you don't need to waste time coding your own commenting system. In the future if you decide to make a commenting system of your own, you can always export comments from disqus.

TheLoneWolfling 14 hours ago 0 replies      
If you do, know that I won't be using it. It's a single data point, I know, but I felt I should mention it.

I don't like enabling semi-arbitrary JS from one place among all the sites I visit.

Ask HN: Do you have a side project you want to sell?
18 points by drizzzler  1 day ago   6 comments top 4
brotchie 1 day ago 0 replies      
BroApp - Your Clever Relationship Wingman


Fun side project that blew up with world-wide media attention last year. Intro video here: https://www.youtube.com/watch?v=O_2zr5EYbDk. On Jimmy Fallon tonight show here: https://www.youtube.com/watch?v=oTf7g59LQ_Y.

Working on other projects and not really interested in building out more functionality / monetizing.

Looking to sell all source code (Android + iOS), domain, US trademark on BroApp, email lists, etc. Facebook newsfeed cost-per-install is ~$0.21 with a lookalike audience built off our install base.

LukeFitzpatrick 1 day ago 0 replies      
The product: - A search engine to compete with Amazon, app based. Status - needs about 10 programmers to finish it, comes with a pitch deck. Also, made an app game to promote its launch, the app features some medium-well known writers & reporters. The app game is done, but not launched. I never launched it as the time mechanism in the game play needs to be improved.

- I'm also looking for help with programming, only equity. Have programmers already making it; however, there is a lot to do, marketing & partners = pretty solid. Platform based, semi-social network that benefits startups.

Anyone is welcome to email about this or just say 'hi' :) at lukejamesfitzpatrick@gmail.com

drizzzler 1 day ago 2 replies      

Allows vacation rental hosts to recommend/sell travel activities to their guests. Commissions on sales are shared with the hosts.

For sale, or looking for a non-technical business/growth partner to work on it part-time with me.

fananta 12 hours ago 0 replies      
Zenlist (http://zenlist.co)

A simple to-do list

Ask HN: Is a static site hosted on AWS S3 'hackable'?
50 points by bikamonki  2 days ago   47 comments top 10
dguido 2 days ago 8 replies      
Not through a web application vulnerability it can't (there is no application code to break!).

Your biggest issues with that setup will be:

1. Credential and permissions management. Don't lose control of your access keys to AWS! Set up "MFA" at the very least. If you use your AWS account for other purposes, use IAM to ensure that other users cannot access the S3 bucket with the site in it.

2. Getting that green lock (e.g. HTTPS). You can pay $800/month or something insane to Cloudfront to get a custom TLS cert on their CDN, or you can get Cloudflare's "universal ssl" for $20.

3. DDoS is not really a concern. It would be nearly impossible to DDoS an HTML-only website hosted in an S3 bucket. I'd really like to see someone try. The only thing that could happen is you get charged a bit more that month while people are DDoS'ing you. But if you're behind a CDN like Cloudfront or Cloudflare (which can cache everything because it's plain HTML), then the impact would be reduced.

4. Your Registrar suddenly becomes a huge risk. Make sure you use a secure domain registrar (ie. NOT GODADDY!), that the registrar has a "Registrar-Lock" turned on for your domain, and that your account with them has 2FA. If you screw that up, then someone might be able to socially engineer the phone rep at the registrar to transfer the domain, change the nameservers, etc. This happens depressingly often.

5. 3rd party services you use could get hacked. You'll likely import a bunch of JavaScript from other websites onto your own. If any of those websites get compromised, it might affect your website too. Make sure to use 2FA on every service you can (https://twofactorauth.org/) and minimize the amount of JavaScript/fonts/css/whatever that you load from 3rd parties (re-host it locally).

I highly recommend setting up websites this way. It's fast, easy to maintain, and incredibly secure. We do this for the trailofbits.com website and we're very happy with it. Jekyll FTW.

ps. don't forget you can use Github Pages too.
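Point 5 of the comment above can be checked before each deploy. The following is an added example, not code from the thread: it lists every resource a static page pulls from another origin. The function name, the sample markup and the `example.*` hosts are constructed for illustration, and the regex scan is a simplification that assumes quoted attribute values.

```javascript
// Constructed sample page for a site served from https://www.example.com
const SAMPLE_HTML = `
<link rel="stylesheet" href="/css/site.css">
<link rel="stylesheet" href="https://fonts.example.net/css?family=Lato">
<script src="//cdn.example.org/jquery.min.js"></script>
<script src="https://cdn.example.org/app.js" integrity="sha384-CONSTRUCTED" crossorigin="anonymous"></script>
<script src="js/local.js"></script>
<img src="http://tracker.example.com/pixel.gif">
<script>var inline = 1;</script>
`;

// Returns one finding per script/link/img/iframe tag whose URL resolves to a
// host other than the site's own.
function thirdPartyResources(html, siteOrigin) {
  const site = new URL(siteOrigin);
  const findings = [];
  const tagRe = /<(script|link|img|iframe)\b[^>]*>/gi;
  for (const [tag, name] of html.matchAll(tagRe)) {
    const attr = name.toLowerCase() === 'link' ? 'href' : 'src';
    const m = tag.match(new RegExp(`\\s${attr}\\s*=\\s*["']([^"']+)["']`, 'i'));
    if (!m) continue;                              // inline script, no URL to check
    let url;
    try { url = new URL(m[1], site); } catch { continue; }
    if (!/^https?:$/.test(url.protocol) || url.host === site.host) continue;
    findings.push({
      tag: name.toLowerCase(),
      host: url.host,
      insecure: url.protocol === 'http:',          // plain-HTTP load on an HTTPS page
      integrity: /\sintegrity\s*=/i.test(tag),     // Subresource Integrity hash present
    });
  }
  return findings;
}

for (const f of thirdPartyResources(SAMPLE_HTML, 'https://www.example.com')) {
  console.log(`${f.tag} from ${f.host} insecure=${f.insecure} integrity=${f.integrity}`);
}
```

Each finding is a candidate for re-hosting locally; a resource that stays external and carries no `integrity` attribute is served entirely on the third party's say-so.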

matiu 1 day ago 1 reply      
How I would hack it (if I was evil and cared enough):

1. Gather info from whois DB, google search, site spidering, going to your house and looking through your trash.

2. Ring you up - Hello I'm Joe from the tax department/credit card company/bank we need to confirm your address .. give your address .. could I please confirm you are the credit card holder, I just need the last 4 digits

3. Ring your friends, family and business contacts - use smooth talking to gather as much info as possible.

4. Ring up Amazon - oh yes I am mister XXX, I forgot my password, please can you reset it. If they don't I'll try to guess information, and glean any info out of the replies.

5. Ring up your email provider and do the same

6. Keep on ringing about 8 hours apart to make sure I get different teams, so it's fresh each time, until I had enough info to get access to the account

7. Make sure to delete all backups

8. Deface to my heart's content - change all the passwords, blah blah


This is the info I'd try and gather:

* Name - probably from whois

* DOB - probably from public records search - or ringing friends

* Phone - probably from your trash or mailbox

* Last four credit card digits - probably will get from your trash, or tricking you on the phone

* Date of last payment - Probably from tricking Amazon

* Password bits - pet's name, girlfriend/wife/child names and ages, keylogger in an email I sent you

tptacek 2 days ago 0 replies      
Presuming you don't misconfigure S3, this is one of the least "hackable" ways to stand up a website.
aruggirello 1 day ago 1 reply      
Nobody mentioned it, but having a static website vs. a dynamic one, leaves your contents exposed to scraping, proxy hijacking and framing. While the latter can be mitigated by a one-line script, IMHO you basically can't defeat scrapers and proxies client-side-only - modern scrapers are able to run any javascript if needed. So expect a plethora of bad/spam links, unauthorized copies of your pages - etc. Especially if your contents attract a lot of traffic and/or you have many competitors.

I recommend you watch periodically for your contents to pop up on random domains (you can google for your exact texts) and file your DMCA requests as soon as they appear.

It might help to use <base> tags, absolute URL links and the likes in all of your web pages, as well as mention your domain both in textual contents and images (logo?) - that actively discourages "lazy duplicates" of your pages (but not copy/pasting your articles on a different site by hand).

Just my two cents.

DiabloD3 2 days ago 0 replies      
A static website that is served over HTTPS only[1], and let's say for the sake of argument, HTTPS secure enough not to MITM, and no services outside of your control (DNS, etc) are MITMable, and your credentials to Amazon can't be stolen...

The only way to hack your site is to actually be at Amazon with access to whatever disk array stores your data. As in, I'm pretty sure "inside job" is the only route left.

[1]: http://www.troyhunt.com/2015/06/understanding-http-strict-tr...

SEJeff 2 days ago 1 reply      
Sure, strong credentials can still be leaked due to a simple phishing email to the right person.

There is no such thing as an unhackable system, only more and less difficult to hack systems.

syllogism 1 day ago 0 replies      
What steps would you go through if you lost the passwords to either the domain registrar or the AWS account? How does the account recovery work?

Usually it relies on ownership of some third account, e.g. email. Okay, what's the recovery process for the email account? Receiving an SMS to a particular phone number? Okay, what's the recovery process for that phone number? What's the process to get the phone number redirected?

At some point you're going to end up being able to ring up a number and tell someone a name, address, date of birth etc. Best case you ring up and they say okay we'll mail you something. Or they make you come in person and sign.

Customers lose credentials constantly, and won't tolerate being told that this means their account is unrecoverable. So there is almost always another way.

gesman 1 day ago 0 replies      
A bit out of the topic,

But I think generally if your site is not using top 3 popular CMS-es like WP, Drupal and Joomla - this will make 99.9% of attackers move on and scan for easier targets elsewhere.

evandrix 1 day ago 0 replies      
You can position your site behind CloudFlare's DDoS protection, eg. http://ht.transparencytoolkit.org
contingencies 1 day ago 0 replies      
Endpoint security.

SSH guessable passwords.

HTTP daemon vulnerabilities.

Any other daemons running.

Resource exhaustion.


Client MITM.

Route corruption.

       cached 11 July 2015 04:05:03 GMT